Netscape Certificate Management System 6.0 Installation and Setup Manual, page 671

What's an OCSP-Compliant PKI Setup?

If the request lacks any information required by the responder to process it,
or if the responder is not configured to provide the requested service to the
client, the responder sends a rejection notification to the client. The
responder also writes an appropriate error message to its log file.

If the request meets all the criteria, the responder returns a response to the
client that requested it: it checks its list of revoked certificates for the one
whose status is being requested, determines its status, composes a report, signs
the report, and sends the report to the client.

Note that every status report the client receives is digitally signed by the
responder; the client is expected to verify the signature to ensure that the
response came from the responder to which it submitted the request. An RFC 2560
error response (for example malformedRequest or unauthorized) carries no
signature, so a client cannot authenticate a rejection notification and must not
infer anything about the certificate's status from one. The key the responder
uses to sign the message depends on how the OCSP responder is deployed in a PKI
setup. RFC 2560 requires that the key used to sign the response belong to one of
the following:

- The CA that issued the certificate whose status is being verified by the
  responder.
- A responder whose public key, which corresponds to the private key it uses to
  sign responses, is trusted directly by the client. Such a responder is called a
  trusted responder.
- A responder that holds a specially marked certificate issued to it directly by
  the CA that revokes the certificates and publishes the CRL. Possession of this
  certificate by a responder indicates that the CA has authorized the responder to
  issue OCSP responses for certificates revoked by the CA. Such a responder is
  called a CA-designated responder or a CA-authorized responder.

Certificate Management System has a built-in OCSP responder and allows you to
request OCSP responder certificates. The end-entity interface of both Registration
Manager and Certificate Manager includes a form that allows you to manually
request a certificate for the OCSP responder. The default enrollment form
includes all the attributes (for example, HTTP_PARAMS.certType==ocspResponder)
that identify the certificate as an OCSP responder certificate. The required
extensions, the OCSPNoCheck extension and an extended key usage extension
carrying the OCSPSigning purpose, can be added to the certificate when the
certificate request is subjected to policy checking; see "Configuring Policy
Rules for a Subsystem" on page 569.
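The three signer cases above, and the OCSPSigning/OCSPNoCheck marking of a CA-designated responder certificate, walked through end to end with the openssl command-line tool. This is an added example, not CMS code or one of its enrollment forms: the CA names, the serial numbers 0x1001 and 0x2001, the keyCompromise reason and the openssl CA index file are made-up test data, and the script assumes openssl 1.1.1 or later with its default configuration file installed. The client-side verification is openssl's implementation of the RFC 2560 signer rules, so it accepts the response when the signer is the issuing CA or a certificate issued by that CA with the OCSPSigning extended key usage, and it accepts a trusted responder (-VAfile) without consulting any CA chain.

```shell
#!/bin/sh
# Added example (not CMS code): the RFC 2560 signer rules exercised with the
# openssl command-line tool.  A CA issues an end-entity certificate, marks it
# revoked in its CA index, delegates OCSP signing to a responder certificate
# carrying the OCSPSigning EKU and the OCSPNoCheck extension, and a client
# verifies the signed response.  Names, serials and the revocation reason are
# made up; assumes openssl 1.1.1 or later with its default config installed.
set -e
WORK="${OCSP_DEMO_DIR:-$(mktemp -d)}"
cd "$WORK"

new_csr() {   # $1 key file, $2 CSR file, $3 subject: fresh P-256 key plus CSR
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
}
self_signed_ca() {   # $1 key file, $2 cert file, $3 subject
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -days 365 -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
}

setup_pki() {
  self_signed_ca ca.key ca.crt "/CN=Example CA"           # issues and revokes
  self_signed_ca other-ca.key other-ca.crt "/CN=Other CA" # unrelated trust anchor
  # End-entity certificate; the fixed serial 0x1001 is what the CA index names.
  new_csr ee.key ee.csr "/CN=revoked.example.test"
  openssl x509 -req -in ee.csr -CA ca.crt -CAkey ca.key -set_serial 0x1001 \
    -days 30 -out ee.crt 2>/dev/null
  # CA-designated responder: issued directly by the CA and marked with
  # extendedKeyUsage=OCSPSigning (id-kp-OCSPSigning) plus the OCSPNoCheck extension.
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\n' > resp.ext
  printf 'extendedKeyUsage=OCSPSigning\nnoCheck=ignored\n' >> resp.ext
  new_csr resp.key resp.csr "/CN=Example OCSP Responder"
  openssl x509 -req -in resp.csr -CA ca.crt -CAkey ca.key -set_serial 0x2001 \
    -days 30 -extfile resp.ext -out resp.crt 2>/dev/null
  # The responder's revocation list: an openssl CA index (tab-separated) with
  # serial 1001 marked R, a revocation time and a reason code.
  printf 'R\t300101000000Z\t250101000000Z,keyCompromise\t1001\tunknown\t/CN=revoked.example.test\n' > index.txt
}

# Client, step 1: an OCSP request naming ee.crt by issuer hashes and serial.
make_request() {
  openssl ocsp -issuer ca.crt -cert ee.crt -no_nonce -reqout req.der >/dev/null 2>&1
}
# Responder: look the serial up in the index, build the status report, sign it
# with the responder key and attach resp.crt so the client can chain it to the CA.
answer_request() {
  openssl ocsp -index index.txt -CA ca.crt -rsigner resp.crt -rkey resp.key \
    -reqin req.der -respout ocsp.der >/dev/null 2>&1
}
# Client, step 2: verify.  openssl accepts the signer only if it is the CA itself
# or a certificate issued by that CA with the OCSPSigning EKU (the delegated case).
verify_response() {   # $1 response file, $2 trust anchor file
  openssl ocsp -respin "$1" -CAfile "$2" -issuer ca.crt -cert ee.crt -no_nonce 2>&1 || true
}
# Trusted-responder case: the client trusts resp.crt directly (-VAfile), so the
# chain to a CA is not consulted at all; an unrelated -CAfile makes that visible.
verify_trusted_responder() {   # $1 response file, $2 explicitly trusted responder cert
  openssl ocsp -respin "$1" -VAfile "$2" -CAfile other-ca.crt -issuer ca.crt \
    -cert ee.crt -no_nonce 2>&1 || true
}
accepted() { grep -q '^Response verify OK'; }   # filter on verification output
cert_status() { sed -n 's/^ee\.crt: //p'; }     # "good", "revoked" or "unknown"

setup_pki
make_request
answer_request
echo "== CA-designated responder, verified against the issuing CA =="
verify_response ocsp.der ca.crt
echo "== same response, verified against an unrelated CA (rejected) =="
verify_response ocsp.der other-ca.crt
echo "== same response, responder certificate trusted directly =="
verify_trusted_responder ocsp.der resp.crt
```

The first verification prints "Response verify OK" followed by "ee.crt: revoked" and the reason; the second prints "Response Verify Failure" because resp.crt cannot be chained to the only trust anchor offered, even though the signature itself is valid; the third succeeds again because -VAfile makes resp.crt a trusted responder in the RFC 2560 sense, which is why that option must only ever name a responder whose key you would trust as much as the CA's. The index.txt format is openssl's CA database, used here only as a stand-in for the responder's list of revoked certificates.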
Chapter 21  Setting Up an OCSP Responder  671
